+++ /dev/null
-{
- "asdcResourceId": "",
- "asdcServiceId": "",
- "asdcServiceURL": "",
- "blueprintTemplate": "",
- "owner": "robot",
- "serviceIds": [],
- "serviceLocations": [],
- "typeName": "",
- "typeVersion": 100,
- "vnfTypes": []
-}
+++ /dev/null
-tosca_definitions_version: cloudify_dsl_1_3
-imports:
- - 'http://www.getcloudify.org/spec/cloudify/4.5.5/types.yaml'
- - 'plugin:k8splugin?version=>=3.4.2,<4.0.0'
-inputs:
- tag_version:
- type: string
- description: Docker image to be used
- default: 'mongo'
- replicas:
- type: integer
- description: Number of instances
- default: 1
- service_component_type:
- type: string
- default: "mongo-ves-client"
- service_component_name_override:
- type: string
- default: "mongo-ves-client"
-node_templates:
- mongo:
- type: dcae.nodes.ContainerizedServiceComponent
- interfaces:
- cloudify.interfaces.lifecycle:
- start:
- inputs:
- envs:
- MONGO_INITDB_ROOT_USERNAME: root
- MONGO_INITDB_ROOT_PASSWORD: zXcVbN123!
- MONGO_INITDB_DATABASE: pnf_simulator
- ports:
- - '27017:0'
- properties:
- service_component_type: { get_input: service_component_type }
- service_component_name_override: { get_input: service_component_name_override }
- image: { get_input: tag_version }
- replicas: { get_input: replicas }
+++ /dev/null
-tosca_definitions_version: cloudify_dsl_1_3
-imports:
- - 'http://www.getcloudify.org/spec/cloudify/4.5.5/types.yaml'
- - 'plugin:k8splugin?version=>=3.4.2,<4.0.0'
-inputs:
- tag_version:
- type: string
- description: Docker image to be used
- default: 'mongo'
- replicas:
- type: integer
- description: Number of instances
- default: 1
- service_component_type:
- type: string
- default: "mongo"
- service_component_name_override:
- type: string
- default: "mongo"
-node_templates:
- mongo:
- type: dcae.nodes.ContainerizedServiceComponent
- interfaces:
- cloudify.interfaces.lifecycle:
- start:
- inputs:
- envs:
- MONGO_INITDB_ROOT_USERNAME: root
- MONGO_INITDB_ROOT_PASSWORD: zXcVbN123!
- MONGO_INITDB_DATABASE: pnf_simulator
- ports:
- - '27017:0'
- properties:
- service_component_type: { get_input: service_component_type }
- service_component_name_override: { get_input: service_component_name_override }
- image: { get_input: tag_version }
- replicas: { get_input: replicas }
+++ /dev/null
-tosca_definitions_version: cloudify_dsl_1_3
-imports:
- - 'http://www.getcloudify.org/spec/cloudify/4.5.5/types.yaml'
- - 'plugin:k8splugin?version=>=3.4.2,<4.0.0'
-inputs:
- tag_version:
- type: string
- description: Docker image to be used
- default: 'nexus3.onap.org:10001/onap/org.onap.integration.simulators.pnfsimulator:latest'
- replicas:
- type: integer
- description: Number of instances
- default: 1
- external_cert_cert_type:
- type: string
- description: Output type
- default: 'P12'
- external_cert_ca_name:
- type: string
- description: Name of Certificate Authority configured on CertService side.
- default: 'RA'
- external_cert_common_name:
- type: string
- description: Common name which should be present in certificate.
- default: 'pnf-simulator'
- external_cert_sans:
- type: string
- description: 'List of Subject Alternative Names (SANs) which should be present
- in certificate. Delimiter - , Should contain common_name value and other FQDNs
- under which given component is accessible.'
- default: 'pnf-simulator'
- external_cert_use_external_tls:
- type: boolean
- description: Flag to indicate external tls enable/disable.
- default: true
- service_component_type:
- type: string
- default: "pnf-simulator"
- service_component_name_override:
- type: string
- default: "pnf-simulator"
-node_templates:
- pnf-simulator:
- type: dcae.nodes.ContainerizedServiceComponent
- interfaces:
- cloudify.interfaces.lifecycle:
- start:
- inputs:
- envs:
- STRICT_HOSTNAME_VERIFICATION: 'true'
- ports:
- - '5000:0'
- properties:
- service_component_type: { get_input: service_component_type }
- service_component_name_override: { get_input: service_component_name_override }
- image: { get_input: tag_version }
- replicas: { get_input: replicas }
- always_pull_image: true
- tls_info:
- cert_directory: '/app/store/'
- external_cert:
- external_cert_directory: '/app/store/'
- use_external_tls:
- get_input: external_cert_use_external_tls
- cert_type:
- get_input: external_cert_cert_type
- ca_name:
- get_input: external_cert_ca_name
- external_certificate_parameters:
- common_name:
- get_input: external_cert_common_name
- sans:
- get_input: external_cert_sans
+++ /dev/null
-tosca_definitions_version: cloudify_dsl_1_3
-imports:
- - 'http://www.getcloudify.org/spec/cloudify/4.5.5/types.yaml'
- - 'plugin:k8splugin?version=>=3.4.2,<4.0.0'
-inputs:
- tag_version:
- type: string
- description: Docker image to be used
- default: 'nexus3.onap.org:10001/onap/org.onap.integration.nfsimulator.vesclient:latest'
- replicas:
- type: integer
- description: Number of instances
- default: 1
- external_cert_cert_type:
- type: string
- description: Output type
- default: 'P12'
- external_cert_ca_name:
- type: string
- description: Name of Certificate Authority configured on CertService side.
- default: 'RA'
- external_cert_common_name:
- type: string
- description: Common name which should be present in certificate.
- default: 'ves-client'
- external_cert_sans:
- type: string
- description: 'List of Subject Alternative Names (SANs) which should be present
- in certificate. Delimiter - , Should contain common_name value and other FQDNs
- under which given component is accessible.'
- default: 'ves-client'
- external_cert_use_external_tls:
- type: boolean
- description: Flag to indicate external tls enable/disable.
- default: true
- service_component_type:
- type: string
- default: "ves-client"
- service_component_name_override:
- type: string
- default: "ves-client"
-node_templates:
- ves-client:
- type: dcae.nodes.ContainerizedServiceComponent
- interfaces:
- cloudify.interfaces.lifecycle:
- start:
- inputs:
- envs:
- STRICT_HOSTNAME_VERIFICATION: 'true'
- MONGO_HOSTNAME:
- concat: ["mongo-", {get_input: service_component_name_override}]
- ports:
- - '5000:0'
- properties:
- service_component_type: { get_input: service_component_type }
- service_component_name_override: { get_input: service_component_name_override }
- image: { get_input: tag_version }
- replicas: { get_input: replicas }
- always_pull_image: true
- tls_info:
- cert_directory: '/app/store/'
- external_cert:
- external_cert_directory: '/app/store/'
- use_external_tls:
- get_input: external_cert_use_external_tls
- cert_type:
- get_input: external_cert_cert_type
- ca_name:
- get_input: external_cert_ca_name
- external_certificate_parameters:
- common_name:
- get_input: external_cert_common_name
- sans:
- get_input: external_cert_sans
--- /dev/null
+certMethod: "aaf"
+
+fullnameOverride: "ves-client-aaf"
+secretName: ves-client-secret-aaf
+configMapName: ves-client-configmap-aaf
+certificateName: ves-client-certificate-aaf
+
+config:
+ useCerts: true
+ mongoDbName: ves-client-db-aaf
+
+mongodb:
+ fullnameOverride: "ves-client-db-aaf"
+
+certInitializer:
+ nameOverride: vesclient-cert-initializer-aaf
+
+certificates:
+ name: ves-client-cert-aaf
+ secretName: ves-client-secret-aaf
+ keystores:
+ jks:
+ create: true
+ passwordSecretRef:
+ name: ves-client-secret-aaf
+ key: p12.pass
+ pkcs12:
+ create: true
+ passwordSecretRef:
+ name: ves-client-secret-aaf
+ key: p12.pass
--- /dev/null
+fullnameOverride: "ves-client-basic"
+secretName: "ves-client-secret-basic"
+configMapName: "ves-client-configmap-basic"
+certificateName: "ves-client-certificate-basic"
+
+config:
+ useCerts: false
+ mongoDbName: ves-client-db-basic
+
+mongodb:
+ fullnameOverride: "ves-client-db-basic"
+
+certInitializer:
+ nameOverride: vesclient-cert-initializer-basic
--- /dev/null
+certMethod: "cmpv2"
+
+fullnameOverride: "ves-client-cmpv2"
+nameOverride: "ves-client-cmpv2"
+secretName: ves-client-secret-cmpv2
+configMapName: ves-client-configmap-cmpv2
+certificateName: ves-client-certificate-cmpv2
+
+config:
+ useCerts: true
+ strictHost: true
+ mongoDbName: ves-client-db-cmpv2
+
+mongodb:
+ fullnameOverride: "ves-client-db-cmpv2"
+
+certInitializer:
+ nameOverride: vesclient-cert-initializer-cmpv2
--- /dev/null
+# TLS role -- set to true if microservice acts as server
+# If true, an init container will retrieve a server cert
+# and key from AAF and mount them in certDirectory.
+tlsServer: false
+
+global:
+ centralizedLoggingEnabled: false
+ cmpv2Enabled: true
+ masterPassword: "test"
+
+
+nameOverride: "dcae-ves-cmpv2-cert-corect-sans"
+fullnameOverride: "dcae-ves-cmpv2-cert-corect-sans"
+
+
+# CMPv2 certificate
+# It is used only when:
+# - certDirectory is set
+# - global cmpv2Enabled flag is set to true
+# - flag useCmpv2Certificates is set to true
+# Disabled by default
+useCmpv2Certificates: true
+certificates:
+ - mountPath: /opt/app/dcae-certificate/external
+ commonName: dcae-ves-collector-cmpv2-cert
+ dnsNames:
+ - dcae-ves-collector-cmpv2-cert
+ - ves-collector-cmpv2-cert
+ - ves-cmpv2-cert
+ keystore:
+ outputType:
+ - jks
+ passwordSecretRef:
+ name: ves-cmpv2-keystore-password
+ key: password
+ create: true
+
+# service configuration
+service:
+ type: NodePort
+ name: dcae-ves-collector-cmpv2-cert
+ ports:
+ - name: http
+ port: 8443
+ plain_port: 8080
+ port_protocol: http
+ nodePort: 18
+ useNodePortExt: true
+
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-ves-cmpv2-cert-corect-sans
+ roles:
+ - read
--- /dev/null
+# TLS role -- set to true if microservice acts as server
+# If true, an init container will retrieve a server cert
+# and key from AAF and mount them in certDirectory.
+tlsServer: false
+
+global:
+ centralizedLoggingEnabled: false
+ cmpv2Enabled: true
+ masterPassword: "test"
+
+
+nameOverride: "dcae-ves-cmpv2-cert-wrong-sans"
+fullnameOverride: "dcae-ves-cmpv2-cert-wrong-sans"
+
+
+# CMPv2 certificate
+# It is used only when:
+# - certDirectory is set
+# - global flag is set to true
+# - flag useCmpv2Certificates is set to true
+# Disabled by default
+useCmpv2Certificates: true
+certificates:
+ - mountPath: /opt/app/dcae-certificate/external
+ commonName: wrong-sans
+ dnsNames:
+ - wrong-sans
+ keystore:
+ outputType:
+ - jks
+ passwordSecretRef:
+ name: ves-cmpv2-keystore-password-wrong-sans
+ key: password
+ create: true
+
+# service configuration
+service:
+ type: NodePort
+ name: dcae-ves-collector-cmpv2-cert-wrong-sans
+ ports:
+ - name: http
+ port: 8443
+ plain_port: 8080
+ port_protocol: http
+ nodePort: 19
+ useNodePortExt: true
+
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-ves-cmpv2-cert-wrong-sans
+ roles:
+ - read
--- /dev/null
+apiVersion: v2
+name: ves-client
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: 1.0.1
+dependencies:
+ - name: mongodb
+ version: 10.x
+ repository: https://charts.bitnami.com/bitnami
+ condition: mongodb.enabled
+ - name: certInitializer
+ version: ~x.x-0
+ repository: '@chart-museum'
+ - name: common
+ version: ~x.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@chart-museum'
--- /dev/null
+collector
\ No newline at end of file
--- /dev/null
+collector
\ No newline at end of file
--- /dev/null
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ves-client.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ves-client.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ves-client.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "ves-client.labels" -}}
+helm.sh/chart: {{ include "ves-client.chart" . }}
+{{ include "ves-client.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "ves-client.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ves-client.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "ves-client.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "ves-client.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Common namespace
+*/}}
+{{- define "ves-client.namespace" -}}
+ {{- default .Release.Namespace .Values.nsPrefix -}}
+{{- end -}}
+
+{{/*
+Define dns names in certificate
+*/}}
+{{- define "ves-client.dnsNames" -}}
+{{- range $dnsName := $.Values.certificates.dnsNames }}
+- {{ $dnsName }}
+{{- end }}
+{{- end }}
+
+{{/*
+Define dns names in certificate
+*/}}
+{{- define "ves-client.init" -}}
+{{ if eq .Values.certMethod "wrongCert" }}
+- name: {{ include "common.name" . }}-readiness
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ .Values.certInitializer.image }}
+ imagePullPolicy: {{ .Values.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ .Values.aafVolumeName }}
+ mountPath: /opt/app/osaaf
+{{- end }}
+{{- end }}
+
+{{- define "ves-client.containers" -}}
+- env:
+ - name: MONGO_HOSTNAME
+ value: {{ .Values.config.mongoDbName | quote }}
+ - name: USE_CERTIFICATE_FOR_AUTHORIZATION
+ value: {{ .Values.config.useCerts | quote }}
+ - name: STRICT_HOSTNAME_VERIFICATION
+ value: {{ .Values.config.strictHost | quote }}
+ name: {{ .Values.configMapName }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.port }}
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /simulator/config
+ port: 5000
+ initialDelaySeconds: 10
+ periodSeconds: 30
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ httpGet:
+ path: /simulator/config
+ port: 5000
+ initialDelaySeconds: 60
+ periodSeconds: 15
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 3
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ volumeMounts:
+ {{ if eq .Values.certMethod "wrongCert" }}
+ - name: certstore
+ mountPath: /app/store/cert.p12
+ subPath: cert.p12
+ - name: certstore
+ mountPath: /app/store/p12.pass
+ subPath: p12.pass
+ - name: {{ .Values.aafVolumeName }}
+ mountPath: /app/store
+ {{- end }}
+ {{ if eq .Values.certMethod "cmpv2" }}
+ - name: certstore
+ mountPath: /app/store
+ {{- end }}
+{{- end }}
+
+{{- define "ves-client.volumes" -}}
+{{ if or ( eq .Values.certMethod "cmpv2" ) ( eq .Values.certMethod "wrongCert" ) }}
+- name: certstore
+ projected:
+ sources:
+ - secret:
+ name: ves-client-secret-cmpv2
+ items:
+ - key: keystore.p12
+ path: cert.p12
+ - key: p12.pass
+ path: p12.pass
+ - key: p12.pass
+ path: truststore.pass
+ - key: truststore.jks
+ path: trust.jks
+{{- end }}
+{{ if eq .Values.certMethod "wrongCert" }}
+{{ include "common.certInitializer.volumes" . | nindent 8 }}
+- name: {{ .Values.aafVolumeName }}
+ emptyDir: {}
+{{- end }}
+{{- end }}
\ No newline at end of file
--- /dev/null
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: '{{ include "ves-client.fullname" . }}-cert'
+ namespace: {{ include "ves-client.namespace" . }}
+spec:
+ secretName: ves-client-secret-cmpv2
+ commonName: {{ include "ves-client.fullname" . }}
+ renewBefore: {{ .Values.certificates.renewBefore }}
+ duration: {{ .Values.certificates.duration }}
+ subject:
+ organizations:
+ - {{ .Values.certificates.subject.organization }}
+ countries:
+ - {{ .Values.certificates.subject.country }}
+ localities:
+ - {{ .Values.certificates.subject.locality }}
+ provinces:
+ - {{ .Values.certificates.subject.province }}
+ organizationalUnits:
+ - {{ .Values.certificates.subject.organizationalUnit }}
+ issuerRef:
+ group: {{ .Values.certificates.issuerRef.group }}
+ kind: {{ .Values.certificates.issuerRef.kind }}
+ name: {{ .Values.certificates.issuerRef.name }}
+ dnsNames: {{ include "ves-client.dnsNames" . | indent 4 }}
+ keystores:
+ {{ toYaml .Values.certificates.keystores | nindent 4 }}
--- /dev/null
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "ves-client.fullname" . }}
+ labels:
+ {{ include "ves-client.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ {{ include "ves-client.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{ include "ves-client.selectorLabels" . | nindent 8 }}
+ spec:
+ initContainers:
+ {{ include "ves-client.init" . | nindent 8 }}
+ containers:
+ {{ include "ves-client.containers" . | nindent 8 }}
+ volumes:
+ {{ include "ves-client.volumes" . | nindent 8 }}
--- /dev/null
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ves-client-secret-cmpv2
+data:
+ p12.pass: MjNlOTE3NzVjOTE4ZTRmNjY4ZTFhYzgyZDY5ZjExYWU0ZWU0ZGM2MTM3YzUwMzZkZjE3MmEyODJhYTA5
+type: Opaque
--- /dev/null
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.nameOverride }}
+ labels:
+ {{ include "ves-client.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: {{ .Values.service.port }}
+ protocol: TCP
+ name: {{ .Values.service.name }}
+ selector:
+ {{ include "ves-client.selectorLabels" . | nindent 4 }}
--- /dev/null
+global:
+ importCustomCertsEnabled: false
+
+certMethod: "aaf"
+aafVolumeName: aaf-vol-store
+
+replicaCount: 1
+
+image:
+ repository: onap/org.onap.integration.nfsimulator.vesclient
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: "ves-client"
+
+config:
+ strictHost: false
+ useCerts: false
+ mongoDbName: ves-client-db
+
+templatesDir: "/app/template"
+certsDir: "/app/store"
+
+ingress:
+ enabled: false
+
+certInitializer:
+ nameOverride: vesclient-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: ves-client
+ fqi: ves-client@vesclient.onap.org
+ public_fqdn: ves-client.onap.org
+ fqi_namespace: "org.onap.vesclient"
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ image: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+ mountPath: "/opt/app/osaaf"
+ appMountPath: "/opt/app/osaaf"
+
+podAnnotations: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: NodePort
+ port: 5000
+ name: ves-client-port-name
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+mongodb:
+ fullnameOverride: "ves-client-db"
+ persistence:
+ enabled: false
+ auth:
+ rootPassword: zXcVbN123!
+ database: simulator
+ username: root
+
+certificates:
+ name: ves-client-cert
+ secretName: ves-client-secret
+ commonName: ves-client
+ dnsNames:
+ - ves-client
+ renewBefore: 720h #30 days
+ duration: 8760h #365 days
+ subject:
+ organization: "Linux-Foundation"
+ country: "US"
+ locality: "San-Francisco"
+ province: "California"
+ organizationalUnit: "ONAP"
+# issuer:
+# group: certmanager.onap.org
+# kind: CMPv2Issuer
+# name: cmpv2-issuer-onap
+ issuerRef:
+ group: certmanager.onap.org
+ kind: CMPv2Issuer
+ name: cmpv2-issuer-onap
+
+# ipAddresses: "127.0.0.1"
+ keystores:
+ jks:
+ create: true
+ passwordSecretRef:
+ name: ves-client-secret-cmpv2
+ key: p12.pass
+ pkcs12:
+ create: true
+ passwordSecretRef:
+ name: ves-client-secret-cmpv2
+ key: p12.pass
Install helm charts
[Documentation] Install DCAE Servcie using helm charts
- [Arguments] ${chart_repo_name} ${dcae_servcie_helm_charts} ${dcae_service_helm_name} ${wait_time}=2 min ${set_values_override}=${EMPTY}
- ${helm_install}= Set Variable helm install ${dcae_service_helm_name} ${chart_repo_name}/${dcae_servcie_helm_charts} --set global.repository=${registry_ovveride} ${set_values_override}
+ [Arguments] ${chart_repo_name} ${dcae_servcie_helm_charts} ${dcae_service_helm_name} ${wait_time}=6m0s ${set_values_override}=${EMPTY}
+ ${helm_install}= Set Variable helm install ${dcae_service_helm_name} ${chart_repo_name}/${dcae_servcie_helm_charts} --set global.repository=${registry_ovveride} ${set_values_override} --wait --timeout ${wait_time}
${helm_install_command_output} = Run And Return Rc And Output ${helm_install}
Log ${helm_install_command_output[1]}
Should Be Equal As Integers ${helm_install_command_output[0]} 0
- Wait Until Keyword Succeeds ${wait_time} 20 sec Checking Status Of Deployed Appliction Using Helm ${dcae_servcie_helm_charts} ${dcae_service_helm_name}
Install helm charts from folder
[Documentation] Install DCAE Servcie using helm charts not in repo
- [Arguments] ${chart_folder} ${dcae_service_helm_name} ${wait_time}=2 min ${set_values_override}=${EMPTY}
+ [Arguments] ${chart_folder} ${dcae_service_helm_name} ${wait_time}=2m0s ${set_values_override}=${EMPTY}
${helm_dependency_update}= Set Variable helm dependency update ${chart_folder}
${helm_dependency_update_output} = Run And Return Rc And Output ${helm_dependency_update}
Log ${helm_dependency_update_output[1]}
Should Be Equal As Integers ${helm_dependency_update_output[0]} 0
${rest} ${dcae_servcie_helm_charts} = Split String From Right ${chart_folder} / 1
- ${helm_install}= Set Variable helm install ${dcae_service_helm_name} ${chart_folder} --set global.repository=${registry_ovveride} ${set_values_override}
+ ${helm_install}= Set Variable helm install ${dcae_service_helm_name} ${chart_folder} --set global.repository=${registry_ovveride} ${set_values_override} --wait --timeout ${wait_time}
${helm_install_command_output} = Run And Return Rc And Output ${helm_install}
Log ${helm_install_command_output[1]}
Should Be Equal As Integers ${helm_install_command_output[0]} 0
- Wait Until Keyword Succeeds ${wait_time} 20 sec Checking Status Of Deployed Appliction Using Helm ${dcae_servcie_helm_charts} ${dcae_service_helm_name}
-
-Checking Status Of Deployed Appliction Using Helm
- [Arguments] ${dcae_servcie_helm_charts} ${dcae_service_helm_name}
- ${pod_status}= Set Variable kubectl get pods -n onap | grep ${dcae_service_helm_name} | awk '{print $3}'
- ${pod_status_command_output} = Run And Return Rc And Output ${pod_status}
- Should Be Equal As Integers ${pod_status_command_output[0]} 0
- Should Be Equal As Strings ${pod_status_command_output[1]} Running
- ${pod_ready}= Set Variable kubectl get pods -n onap | grep ${dcae_service_helm_name} | awk '{print $2}'
- ${pod_ready_command_output} = Run And Return Rc And Output ${pod_ready}
- Should Be Equal As Integers ${pod_ready_command_output[0]} 0
- ${pre} ${post} = Split String ${pod_ready_command_output[1]} / 1
- Should Be Equal As Strings ${pre} ${post}
Uninstall helm charts
[Documentation] Uninstall DCAE Servcie using helm charts
Library ONAPLibrary.Utilities
Library ONAPLibrary.Templating WITH NAME Templating
Resource pnf_registration_without_SO_template.robot
-Resource ../dcae/deployment.robot
-Resource ../dcae/inventory.robot
Resource ../global_properties.robot
+Resource ../resources/test_templates/pnf_registration_without_SO_template.robot
+Resource ../chart_museum.robot
+
*** Variables ***
${VES_data_path} eventListener/v7
${single_event_data_path} /simulator/event
${users} ${EXECDIR}/robot/assets/cmpv2/mongo-users.json
-
+${HELM_RELEASE} kubectl --namespace onap get pods | sed 's/ .*//' | grep robot | sed 's/-.*//'
+${CMPv2_helm_values} ${EXECDIR}/robot/assets/cmpv2
+${VES_Client_helm_charts} ${EXECDIR}/robot/assets/helm/ves-client
*** Keywords ***
+
+Suite setup
+ [Arguments] ${PNF_entry_dict}
+ Send VES integration request ${PNF_entry_dict}
+ ${command_output} = Run And Return Rc And Output ${HELM_RELEASE}
+ Should Be Equal As Integers ${command_output[0]} 0
+ Set Global Variable ${ONAP_HELM_RELEASE} ${command_output[1]}
+ Log To Console Deploying VES Client
+ Install VES Client
+ Log To Console Deploying VES collector with CMPv2 and correct sans
+ Install VES collector with CMPv2
+ Log To Console Deploying VES collector with CMPv2 and wrong SANs
+ Install VES collector with CMPv2 and wrong SANs
+
+Install VES Client
+ [Arguments] ${cert}=cmpv2
+ ${override} = Set Variable -f ${CMPv2_helm_values}/ves_client_values_cmpv2.yaml --set fullnameOverride=${ONAP_HELM_RELEASE}-ves-client-cmpv2 --set mongodb.fullnameOverride=${ONAP_HELM_RELEASE}-ves-db-client-cmpv2 --set config.mongoDbName=${ONAP_HELM_RELEASE}-ves-db-client-cmpv2 --set certMethod=${cert} --debug
+ Install helm charts from folder ${VES_Client_helm_charts} ${ONAP_HELM_RELEASE}-ves-client set_values_override=${override}
+
+Install VES collector with CMPv2
+ ${override} = Set Variable -f ${CMPv2_helm_values}/ves_correct_sans_cmpv2.yaml --debug
+ Install helm charts chart-museum dcae-ves-collector ${ONAP_HELM_RELEASE}-dcae-ves-cmpv2-cert-corect-sans 3m ${override}
+
+Install VES collector with CMPv2 and wrong SANs
+ ${override} = Set Variable -f ${CMPv2_helm_values}/ves_wrong_sans_cmpv2.yaml --debug
+ Install helm charts chart-museum dcae-ves-collector ${ONAP_HELM_RELEASE}-dcae-ves-cmpv2-cert-wrong-sans 3m ${override}
+
VES Client send single VES event
[Arguments] ${event} ${ves_host} ${ves_port} ${pnf_sim_host} ${pnf_sim_port} ${http_reposnse_code}=202
${pnf_sim_endpoint}= Set Variable http://${pnf_sim_host}.onap:${pnf_sim_port}
Log VES has accepted event with status code ${post_resp.status_code}
[Return] ${post_resp}
-
Usecase Teardown
- Undeploy Service ${mongo-dep}
- Undeploy Service ${ves-client-dep}
- Undeploy Service ves-collector-cmpv2-dep
- Undeploy Service ves-collector-cmpv2-wrong-sans-dep
- Delete Blueprint From Inventory ${serviceTypeIdMongo}
- Delete Blueprint From Inventory ${serviceTypeIdPnfSimulator}
\ No newline at end of file
+ Uninstall helm charts ${ONAP_HELM_RELEASE}-ves-client
+ Uninstall helm charts ${ONAP_HELM_RELEASE}-dcae-ves-cmpv2-cert-corect-sans
+ Uninstall helm charts ${ONAP_HELM_RELEASE}-dcae-ves-cmpv2-cert-wrong-sans
[Return] ${output}
Deploying Data File Collector
- Install helm charts chart-museum dcae-datafile-collector ${ONAP_HELM_RELEASE}-dcae-datafile-collector 3 min --set useCmpv2Certificates=true --set global.cmpv2Enabled=true --set masterPasswordOverride=test --set global.centralizedLoggingEnabled=false --debug
+ Install helm charts chart-museum dcae-datafile-collector ${ONAP_HELM_RELEASE}-dcae-datafile-collector 6m --set useCmpv2Certificates=true --set global.cmpv2Enabled=true --set masterPasswordOverride=test --debug
Deploying 3GPP PM Mapper
- Install helm charts chart-museum dcae-pm-mapper ${ONAP_HELM_RELEASE}-dcae-pm-mapper 3 min --set global.centralizedLoggingEnabled=false --set applicationConfig.enable_tls=true --set applicationConfig.enable_http=false --set applicationConfig.aaf_identity=dcae@dcae.onap.org --set applicationConfig.aaf_password=demo123456! --set applicationConfig.key_store_path=/opt/app/pm-mapper/etc/cert/cert.jks --set applicationConfig.key_store_pass_path=/opt/app/pm-mapper/etc/cert/jks.pass --set applicationConfig.trust_store_path=/opt/app/pm-mapper/etc/cert/trust.jks --set applicationConfig.trust_store_pass_path=/opt/app/pm-mapper/etc/cert/trust.pass --debug
+ Install helm charts chart-museum dcae-pm-mapper ${ONAP_HELM_RELEASE}-dcae-pm-mapper 6m --debug
Deploying SFTP Server As xNF
${override} = Set Variable --set fullnameOverride=${ONAP_HELM_RELEASE}-sftp --debug
Setting KNOWN_HOSTS_FILE_PATH Environment Variable in DFC
${rc}= Run and Return RC ${SET_KNOWN_HOSTS_FILE_PATH}
Should Be Equal As Integers ${rc} 0
- Wait Until Keyword Succeeds 5 min 10s Check Known Hosts In Env ${CHECK_ENV_SET}
+ Wait Until Keyword Succeeds 7 min 10s Check Known Hosts In Env ${CHECK_ENV_SET}
${GET_RSA_KEY}= Set Variable kubectl exec $(kubectl get pod -n onap | grep ${ONAP_HELM_RELEASE}-sftp | awk '{print $1}') -n onap -- ssh-keyscan -t rsa ${ONAP_HELM_RELEASE}-sftp > /tmp/known_hosts
${rc}= Run and Return RC ${GET_RSA_KEY}
Should Be Equal As Integers ${rc} 0
Should Be Equal As Strings ${resp.status_code} 200
${rc} = Run and Return RC kubectl delete pods -n onap $(kubectl get pods -n onap | grep datafile-collector | awk '{print $1}' | grep -v NAME)
Should Be Equal As Integers ${rc} 0
- Wait Until Keyword Succeeds 120 sec 5 sec Check logs kubectl logs -n onap $(kubectl get pods -n onap | grep datafile-collector | awk '{print $1}' | grep -v NAME) ${container_name}-datafile-collector
+ Wait Until Keyword Succeeds 360 sec 15 sec Check logs kubectl logs -n onap $(kubectl get pods -n onap | grep datafile-collector | awk '{print $1}' | grep -v NAME) ${container_name}-datafile-collector
Sending File Ready Event to VES Collector for HTTPS Server
[Arguments] ${https-server_host}
Library ONAPLibrary.JSON
Library ONAPLibrary.Utilities
Library ONAPLibrary.Templating WITH NAME Templating
-Resource ../resources/dcae/deployment.robot
-Resource ../resources/dcae/inventory.robot
Resource ../resources/global_properties.robot
Resource ../resources/test_templates/cmpv2.robot
-Resource ../resources/test_templates/pnf_registration_without_SO_template.robot
-Suite Setup Send VES integration request ${initial entry}
+Suite Setup Suite setup ${initial entry}
Suite Teardown Usecase Teardown
*** Variables ***
${VES_INPUTS} deployment/VesTlsCmpv2Inputs.jinja
${pnf_ves_integration_request} ves/pnf_registration_request.jinja
${NEXUS3} ${GLOBAL_INJECTED_NEXUS_DOCKER_REPO}
-&{initial entry} correlation_id=dummy PNF_IPv4_address=11.11.11.1 PNF_IPv6_address=2001:0db8:0:0:0:0:1428:57ab
-
+&{initial entry} correlation_id=dummy PNF_IPv4_address=11.11.11.1 PNF_IPv6_address=2001:0db8:0:0:0:0:1428:57ab
*** Test Cases ***
-Deploying VES Client
- [Documentation]
- ... This test case deploys VES Client with "enable_tls": set to false and "external_cert_use_external_tls" (CMPv2) set to true as DCAE applictaion
- [Tags] CMPv2
- ${rand} Generate Random String 5 [NUMBERS][LOWER]
- Set Suite Variable ${ves_client_hostname} ves-client-${rand}
- ${serviceTypeIdMongo} Load Blueprint To Inventory ${MONGO_BLUEPRINT_PATH} mongo-${rand}
- ${serviceTypeIdPnfSimulator} Load Blueprint To Inventory ${PNF_SIMULATOR_BLUEPRINT_PATH} ves-client-${rand}
- Set Suite Variable ${serviceTypeIdMongo}
- Set Suite Variable ${serviceTypeIdPnfSimulator}
- ${deployment_data}= Set Variable {"serviceTypeId":"${serviceTypeIdMongo}", "inputs":{"service_component_name_override":"mongo-${ves_client_hostname}","service_component_type":"mongo-${ves_client_hostname}"}}
- Set Suite Variable ${mongo-dep} mongo-dep-${rand}
- Deploy Service ${deployment_data} ${mongo-dep} 2 minutes
- ${resp}= Get Blueprint From Inventory ves-client-${rand}
- ${json}= Set Variable ${resp.json()}
- ${image} Get Regexp Matches ${json['items'][0]['blueprintTemplate']} nexus3(.)*?(?=\')
- ${image} Replace String ${image}[0] nexus3.onap.org:10001 ${NEXUS3}
- ${deployment_data}= Set Variable {"serviceTypeId":"${serviceTypeIdPnfSimulator}", "inputs":{"tag_version": "${image}", "service_component_name_override":"${ves_client_hostname}"}}
- Set Suite Variable ${ves-client-dep} ves-client-dep-${rand}
- Deploy Service ${deployment_data} ${ves-client-dep} 4 minutes
-
-
-Deploying VES collector with CMPv2
- [Documentation]
- ... This test case deploys second VES instance with "enable_tls": set to true and "external_cert_use_external_tls" (CMPv2) set to true as DCAE applictaion
- ... Both CMPv2 and AAF certificates are present
- [Tags] CMPv2
- ${resp}= Get Blueprint From Inventory k8s-ves
- ${json}= Set Variable ${resp.json()}
- ${serviceTypeIdVes} Set Variable ${json['items'][0]['typeId']}
- ${image} Get Regexp Matches ${json['items'][0]['blueprintTemplate']} nexus3(.)*?(?=\")
- ${image} Replace String ${image}[0] nexus3.onap.org:10001 ${NEXUS3}
- ${arguments}= Create Dictionary serviceTypeId=${serviceTypeIdVes}
- Set To Dictionary ${arguments} image ${image}
- Set To Dictionary ${arguments} external_port_tls 32226
- Set To Dictionary ${arguments} service_component_name_override dcae-ves-collector-cmpv2-cert
- Set To Dictionary ${arguments} external_cert_sans dcae-ves-collector-cmpv2-cert,ves-collector-cmpv2-cert,ves-cmpv2-cert
- Templating.Create Environment deployment ${GLOBAL_TEMPLATE_FOLDER}
- ${deployment_data}= Templating.Apply Template deployment ${VES_INPUTS} ${arguments}
- Deploy Service ${deployment_data} ves-collector-cmpv2-dep 4 minutes
-
-Deploying VES collector with CMPv2 and wrong SANs
- [Documentation]
- ... This test case deploys second VES instance with "enable_tls": set to true and "external_cert_use_external_tls" (CMPv2) set to true as DCAE applictaion, CMPv2 certificate has wrong SANs
- ... Both CMPv2 and AAF certificates are present
- [Tags] CMPv2
- ${resp}= Get Blueprint From Inventory k8s-ves
- ${json}= Set Variable ${resp.json()}
- ${serviceTypeIdVes} Set Variable ${json['items'][0]['typeId']}
- ${image} Get Regexp Matches ${json['items'][0]['blueprintTemplate']} nexus3(.)*?(?=\")
- ${image} Replace String ${image}[0] nexus3.onap.org:10001 ${NEXUS3}
- ${arguments}= Create Dictionary serviceTypeId=${serviceTypeIdVes}
- Set To Dictionary ${arguments} image ${image}
- Set To Dictionary ${arguments} external_port_tls 32227
- Set To Dictionary ${arguments} service_component_name_override dcae-ves-collector-cmpv2-cert-wrong-sans
- Set To Dictionary ${arguments} external_cert_sans wrong-sans
- Templating.Create Environment deployment ${GLOBAL_TEMPLATE_FOLDER}
- ${deployment_data}= Templating.Apply Template deployment ${VES_INPUTS} ${arguments}
- Deploy Service ${deployment_data} ves-collector-cmpv2-wrong-sans-dep 4 minutes
-
Send registration request to CMPv2 VES
[Documentation]
... This test case triggers registration request from VES Client (where is present only CMPv2 certificate) to VES collector
Create PNF initial entry in A&AI ${PNF_entry_dict}
Templating.Create Environment ves ${GLOBAL_TEMPLATE_FOLDER}
${template}= Templating.Apply Template ves ${pnf_ves_integration_request} ${PNF_entry_dict}
- VES Client send single VES event ${template} dcae-ves-collector-cmpv2-cert 8443 ${ves_client_hostname} 5000
+ VES Client send single VES event ${template} dcae-ves-collector-cmpv2-cert 8443 ves-client-cmpv2 5000
Verify PNF Integration Request in A&AI ${PNF_entry_dict}
Send registration request to CMPv2 VES with wrong SAN-s
${PNF_entry_dict}= Create Dictionary correlation_id=${pnf_correlation_id} PNF_IPv4_address=14.14.14.14 PNF_IPv6_address=2001:0db8:0:0:0:0:1428:57ab
Templating.Create Environment ves ${GLOBAL_TEMPLATE_FOLDER}
${template}= Templating.Apply Template ves ${pnf_ves_integration_request} ${PNF_entry_dict}
- ${resp}= VES Client send single VES event ${template} dcae-ves-collector-cmpv2-cert-wrong-sans 8443 ${ves_client_hostname} 5000 421
+ ${resp}= VES Client send single VES event ${template} dcae-ves-collector-cmpv2-cert-wrong-sans 8443 ves-client-cmpv2 5000 421
Should Contain ${resp.json().get('message')} wrong-sans
Send registration request to VES without CMPv2 certificate
... This test case triggers registration request from VES Client (where is present only CMPv2 certificate) to VES collector
... with disabled CMPv2 (only AAF certificate is present - VES collector deployed during whole ONAP deploy).
[Tags] CMPv2
+ Uninstall helm charts ${ONAP_HELM_RELEASE}-ves-client
+ Install VES Client wrongCert
${pnf_correlation_id}= Generate Random String 20 [LETTERS][NUMBERS]
${PNF_entry_dict}= Create Dictionary correlation_id=${pnf_correlation_id} PNF_IPv4_address=14.14.14.14 PNF_IPv6_address=2001:0db8:0:0:0:0:1428:57ab
Templating.Create Environment ves ${GLOBAL_TEMPLATE_FOLDER}
${template}= Templating.Apply Template ves ${pnf_ves_integration_request} ${PNF_entry_dict}
- ${resp}= VES Client send single VES event ${template} dcae-ves-collector 8443 ${ves_client_hostname} 5000 421
+ ${resp}= VES Client send single VES event ${template} dcae-ves-collector 8443 ves-client-cmpv2 5000 421
Should Contain ${resp.json().get('message')} certificate_unknown